Re: CVE-2018-1050 and CVE-2018-1057 for samba

To: Mathieu Parent <math.parent@gmail.com>
Cc: Paul Wise <pabs@debian.org>, debian-lts@lists.debian.org
Subject: Re: CVE-2018-1050 and CVE-2018-1057 for samba
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 14 Mar 2018 09:31:04 +0100
Message-id: <[🔎] 20180314083104.GA17008@inutil.org>
In-reply-to: <[🔎] CAFX5sbwtqfwZ_ShUD8NF8_vOQ9DKJJsPDXyB00DyDFBYoEhf+Q@mail.gmail.com>
References: <[🔎] CAFX5sbyQuE0P5kNuSgJektJsDESzmf9sVbkURgZxYJhPbCiYUA@mail.gmail.com> <[🔎] CAKTje6Eq56649TY9AqvMYVmGgF4Mos3jyE7qYRiM0eCJPGAh8Q@mail.gmail.com> <[🔎] CAFX5sbwtqfwZ_ShUD8NF8_vOQ9DKJJsPDXyB00DyDFBYoEhf+Q@mail.gmail.com>

On Wed, Mar 14, 2018 at 10:07:40AM +0100, Mathieu Parent wrote:
> 2018-03-14 10:00 GMT+01:00 Paul Wise <pabs@debian.org>:
> > On Wed, Mar 14, 2018 at 4:42 PM, Mathieu Parent wrote:
> >
> >> See the attached patch for CVE-2018-1050 on samba 3.6. CVE-2018-10507
> >> is on the AD DC code which is not part of samba 3.6.
> >
> > A beta of samba 4 is also in wheezy:
> >
> > https://packages.debian.org/source/wheezy/samba4
> 
> It should be removed from supported packages IMO.

Already happened a long time ago, this package was modified to only
build some client libs (IIRC needed for Openchange), but doesn't
ship the server parts: 
https://packages.qa.debian.org/s/samba4/news/20140416T220212Z.html

Cheers,
        Moritz

Reply to:

References:
- CVE-2018-1050 and CVE-2018-1057 for samba
  - From: Mathieu Parent <math.parent@gmail.com>
- Re: CVE-2018-1050 and CVE-2018-1057 for samba
  - From: Paul Wise <pabs@debian.org>
- Re: CVE-2018-1050 and CVE-2018-1057 for samba
  - From: Mathieu Parent <math.parent@gmail.com>

Prev by Date: Re: CVE-2018-1050 and CVE-2018-1057 for samba
Next by Date: Re: CVE-2018-1050 and CVE-2018-1057 for samba
Previous by thread: Re: CVE-2018-1050 and CVE-2018-1057 for samba
Next by thread: Re: CVE-2018-1050 and CVE-2018-1057 for samba
Index(es):
- Date
- Thread